2025-08-12 19:08:49 +00:00
parent f9a85fc581
commit 6cbfbd78c4
47 changed files with 188 additions and 175 deletions


@@ -1,6 +1,5 @@
{ {
imports = [ imports = [
../../modules/base ../../modules/platform/darwin
../../modules/darwin
]; ];
} }


@@ -5,8 +5,7 @@
... ...
}: { }: {
imports = [ imports = [
../../../modules/base ../../../modules/platform/nixos
../../../modules/nixos
]; ];
boot = { boot = {
@@ -51,13 +50,13 @@
nameservers = ["1.1.1.1"]; nameservers = ["1.1.1.1"];
}; };
sops.secrets = { # sops.secrets = {
tahani-syncthing-cert = { # tahani-syncthing-cert = {
sopsFile = "./secrets/tahani-syncthing-cert"; # sopsFile = "./secrets/tahani-syncthing-cert";
format = "binary"; # format = "binary";
path = "/home/${user}/.config/syncthing/cert.pem"; # path = "/home/${user}/.config/syncthing/cert.pem";
}; # };
}; # };
services.syncthing = { services.syncthing = {
enable = true; enable = true;
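Review bot: The `sops.secrets` block for `tahani-syncthing-cert` is commented out rather than deleted, with no note on why, while `services.syncthing` stays enabled just below it. If nothing else provisions `cert.pem`, Syncthing will presumably generate a fresh certificate on start, and the device ID that peers have pinned would then change. Either remove the block, or put a line such as `# FIXME: secret disabled during module move; restore before relying on a stable Syncthing device ID` above it. The `services.syncthing` block continues outside this hunk.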


@@ -1,28 +0,0 @@
{
imports = [
./atuin.nix
./bat.nix
./eza.nix
./fish.nix
./git.nix
./lazygit.nix
./neovim
./mise.nix
./ssh.nix
./starship.nix
./zellij.nix
./zoxide.nix
./zsh.nix
];
programs.home-manager.enable = true;
programs.direnv = {
enable = true;
nix-direnv.enable = true;
};
home.shellAliases = {
v = "nvim";
lg = "lazygit";
};
}


@@ -1,11 +1,5 @@
{ {pkgs, ...}: {
sops-nix, programs.fish.enable = true;
pkgs,
user,
...
}: {
imports = [
];
nixpkgs = { nixpkgs = {
config = { config = {
@@ -27,7 +21,6 @@
settings = { settings = {
trusted-users = [ trusted-users = [
"@admin" "@admin"
"${user}"
]; ];
substituters = [ substituters = [
"https://nix-community.cachix.org" "https://nix-community.cachix.org"
@@ -43,12 +36,4 @@
experimental-features = nix-command flakes experimental-features = nix-command flakes
''; '';
}; };
}
programs.fish.enable = true;
services = {
tailscale = {
enable = true;
};
};
}


@@ -0,0 +1,24 @@
{
imports = [
./shell/aliases.nix
./shell/fish.nix
./shell/starship.nix
./shell/zsh.nix
./tools/atuin.nix
./tools/bat.nix
./tools/eza.nix
./tools/git.nix
./tools/lazygit.nix
./tools/mise.nix
./tools/ssh.nix
./tools/zellij.nix
./tools/zoxide.nix
./editors/neovim
];
programs.home-manager.enable = true;
programs.direnv = {
enable = true;
nix-direnv.enable = true;
};
}


@@ -0,0 +1,6 @@
{
home.shellAliases = {
v = "nvim";
lg = "lazygit";
};
}


@@ -0,0 +1,5 @@
{
imports = [
./terminal/ghostty.nix
];
}


@@ -0,0 +1,5 @@
{
imports = [
./terminal/zellij.nix
];
}


@@ -0,0 +1,6 @@
{
networking.firewall = {
enable = true;
trustedInterfaces = ["eno1" "tailscale0"];
};
}
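Review bot: Listing `eno1` in `trustedInterfaces` makes the firewall accept every inbound connection on that interface (presumably the onboard Ethernet port), so `enable = true` filters nothing arriving there. The setting now lives in a shared networking module, so the hard-coded interface name applies to every host that imports it. Consider `trustedInterfaces = ["tailscale0"];` and opening the services that must be reachable on the LAN explicitly with `allowedTCPPorts` / `allowedUDPPorts`.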


@@ -0,0 +1,9 @@
{
services.openssh = {
enable = true;
settings = {
PermitRootLogin = "yes";
PasswordAuthentication = false;
};
};
}
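Review bot: `PermitRootLogin = "yes"` allows direct root sessions over SSH, and the NixOS host default added in this commit gives root the same `sshKeys.keys` as the regular user, who is already in `wheel` with sudo enabled. With `PasswordAuthentication = false` those sessions are key-only, but a single stolen user key then yields root without passing through sudo or its logging. Unless a deployment tool needs root SSH, `PermitRootLogin = "no";` (or at least `"prohibit-password"`) is the narrower setting. `KbdInteractiveAuthentication = false;` is worth setting next to it so password-style prompts stay off regardless of the module default.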


@@ -0,0 +1,3 @@
{
services.tailscale.enable = true;
}


@@ -1,109 +0,0 @@
{
pkgs,
nixvim,
user,
sops-nix,
...
}: let
sshKeys = import ../../shared/ssh-keys.nix;
in {
imports = [
sops-nix.nixosModules.sops
];
system.stateVersion = "25.11";
time.timeZone = "UTC";
nix = {
gc = {
automatic = true;
dates = "weekly";
options = "--delete-older-than 30d";
};
nixPath = ["nixos-config=/home/${user}/.local/share/src/nixos-config:/etc/nixos"];
};
networking.firewall = {
enable = true;
trustedInterfaces = ["eno1" "tailscale0"];
};
services = {
openssh = {
enable = true;
settings = {
PermitRootLogin = "yes";
PasswordAuthentication = false;
};
};
tailscale = {
enable = true;
port = 41641;
useRoutingFeatures = "server";
openFirewall = true;
};
adguardhome = {
enable = true;
port = 10000;
settings = {
dns = {
upstream_dns = [
"1.1.1.1"
"1.0.0.1"
];
};
filtering = {
protection_enabled = true;
filtering_enabled = true;
safe_search = {
enabled = false;
};
};
};
};
};
users.users = {
${user} = {
isNormalUser = true;
home = "/home/${user}";
extraGroups = [
"wheel"
"sudo"
"network"
"systemd-journal"
"docker"
];
shell = pkgs.fish;
openssh.authorizedKeys.keys = sshKeys.keys;
};
root = {
openssh.authorizedKeys.keys = sshKeys.keys;
};
};
security.sudo = {
enable = true;
};
home-manager = {
users.${user} = {
pkgs,
config,
lib,
...
}: {
_module.args = {inherit user;};
imports = [
nixvim.homeModules.nixvim
../base/home-manager
./home-manager/zellij.nix
];
home = {
packages = pkgs.callPackage ../base/packages.nix {} ++ pkgs.callPackage ./packages.nix {};
stateVersion = "25.11";
};
};
};
}


@@ -1,7 +1,6 @@
{pkgs}: {pkgs}:
with pkgs; [ with pkgs; [
alejandra alejandra
sops
delta delta
docker docker
docker-compose docker-compose
@@ -22,6 +21,7 @@ with pkgs; [
prettier prettier
python312 python312
ripgrep ripgrep
sops
sqlite sqlite
tree tree
tree-sitter tree-sitter
@@ -29,4 +29,4 @@ with pkgs; [
vivid vivid
wget wget
zip zip
] ]


@@ -6,6 +6,8 @@
... ...
}: { }: {
imports = [ imports = [
../../core
../../networking/tailscale.nix
./secrets.nix ./secrets.nix
./system.nix ./system.nix
./homebrew.nix ./homebrew.nix
@@ -17,10 +19,13 @@
stateVersion = 6; stateVersion = 6;
}; };
nix.gc.interval = { nix = {
Weekday = 0; settings.trusted-users = ["@admin" "${user}"];
Hour = 2; gc.interval = {
Minute = 0; Weekday = 0;
Hour = 2;
Minute = 0;
};
}; };
users.users.${user} = { users.users.${user} = {
@@ -40,12 +45,13 @@
_module.args = {inherit user;}; _module.args = {inherit user;};
imports = [ imports = [
nixvim.homeModules.nixvim nixvim.homeModules.nixvim
../base/home-manager ../../home-manager/base
./home-manager/ghostty.nix ../../home-manager/darwin
]; ];
fonts.fontconfig.enable = true; fonts.fontconfig.enable = true;
home = { home = {
packages = pkgs.callPackage ../base/packages.nix {} ++ pkgs.callPackage ./packages.nix {}; packages = pkgs.callPackage ../../packages {}
++ pkgs.callPackage ./packages.nix {};
stateVersion = "25.11"; stateVersion = "25.11";
}; };
}; };
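Review bot: `settings.trusted-users = ["@admin" "${user}"];` in the new `nix` block makes the login account a trusted Nix user, which lets it override daemon settings such as substituters and signature checking and is therefore close to root on the machine. The same grant appears in the NixOS host default added by this commit (`settings.trusted-users = ["${user}"];`). If the user only needs extra binary caches, declaring them once as `trusted-substituters` with matching `trusted-public-keys` is narrower. If the grant is intentional, a comment such as `# trusted user: may override substituters and sandbox settings; treat as root-equivalent` would record that. The enclosing module starts and ends outside these hunks.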


@@ -0,0 +1,74 @@
{
pkgs,
nixvim,
user,
sops-nix,
...
}: let
sshKeys = import ../../../shared/ssh-keys.nix;
in {
imports = [
../../core
../../networking/firewall.nix
../../networking/ssh.nix
./tailscale.nix
../../services/adguard.nix
sops-nix.nixosModules.sops
];
security.sudo.enable = true;
system.stateVersion = "25.11";
time.timeZone = "UTC";
nix = {
settings.trusted-users = ["${user}"];
gc.dates = "weekly";
nixPath = ["nixos-config=/home/${user}/.local/share/src/nixos-config:/etc/nixos"];
};
users.users = {
${user} = {
isNormalUser = true;
home = "/home/${user}";
extraGroups = [
"wheel"
"sudo"
"network"
"systemd-journal"
"docker"
];
shell = pkgs.fish;
openssh.authorizedKeys.keys = sshKeys.keys;
};
root = {
openssh.authorizedKeys.keys = sshKeys.keys;
};
};
home-manager = {
users.${user} = {
pkgs,
config,
lib,
...
}: {
_module.args = {inherit user;};
imports = [
nixvim.homeModules.nixvim
../../home-manager/base
../../home-manager/nixos
];
home = {
packages = pkgs.callPackage ../../packages {}
++ pkgs.callPackage ./packages.nix {};
stateVersion = "25.11";
};
};
};
}
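Review bot: The `nix` block keeps only `gc.dates = "weekly";`, while the host module deleted earlier in this commit also set `gc.automatic = true;` and `gc.options = "--delete-older-than 30d";`. Unless `../../core` sets them (its `gc` settings are not visible in the hunks shown), automatic garbage collection is now off and the weekly schedule has no effect. If that is not intended, restore the full form: `gc = { automatic = true; dates = "weekly"; options = "--delete-older-than 30d"; };`.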


@@ -0,0 +1,8 @@
{
services.tailscale = {
enable = true;
port = 41641;
useRoutingFeatures = "server";
openFirewall = true;
};
}


@@ -0,0 +1,21 @@
{
services.adguardhome = {
enable = true;
port = 10000;
settings = {
dns = {
upstream_dns = [
"1.1.1.1"
"1.0.0.1"
];
};
filtering = {
protection_enabled = true;
filtering_enabled = true;
safe_search = {
enabled = false;
};
};
};
};
}
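Review bot: Only `port = 10000` is set for the AdGuard Home admin interface, so it listens on the module's default bind address (all interfaces unless overridden; confirm against the nixpkgs version in use). The firewall module in this commit trusts `eno1`, which would leave the UI reachable from that network. If administration is meant to happen locally or over Tailscale, pin it with `host = "127.0.0.1";` (or the Tailscale address) next to `port`. Separately, the `upstream_dns` entries are plain-DNS resolvers; `https://` or `tls://` upstreams would keep outbound queries encrypted.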